Yesterday, we announced two new measures designed to protect against spear-phishing. Attachment Protect and User Awareness reduce the threat from malware-laden attachments, and help IT teams raise employee security awareness.
Both services are available as part of Mimecast Targeted Threat Protection, which now gives customers a comprehensive defense against the key technical and human risks from spear-phishing.
Spear-phishing attacks are a rapidly growing and evolving threat that needs a new generation of services to protect organizations.
Initially, it was about stopping URL links to malicious websites. But now the threat has moved on to weaponized attachments. So sandboxing has become a critical technical defense. Here attachments are tested in a safe environment before they can be delivered to the recipient. But sandboxing does have its limitations. It delays emails, which is frustrating and impacts employee productivity. It’s typically expensive to provide pre-emptive sandboxing, meaning organizations often limit who they protect to keep costs under control. That’s not good enough. As attacks using weaponized attachments become more commonplace and can be targeted at any employee, this puts organizations at risk if they are limiting this critical protection.
Our approach is different. We make it cost effective and easier to protect the whole organization.
Mimecast Targeted Threat Protection – Attachment Protect combines traditional pre-emptive sandboxing for those who want it with a transcription service that automatically gives all employees a safe and threat-less email attachment instantly. It does this by replacing inbound email attachments that could contain malicious code (e.g. PDF or Microsoft Office files) with safe transcribed versions – neutralizing any malicious code. Most employees only need to view attachments, so no further action is needed. If employees need to edit a file, a link in the email can be used to request the original file on-demand via our cloud-based sandboxing service.
However, technology is only part of the defense against spear-phishing and other security threats for that matter. A comprehensive strategy requires employee education. We need to improve employee skills and vigilance, and turn them into a human firewall that can thwart the scammers and hackers.
The problem is traditional IT training is ineffective, time-consuming and ultimately unable to keep up with advanced security threats that change all the time.
Now, in addition to link rewriting, URL Protect includes innovative dynamic user awareness capabilities so IT teams can raise the security awareness of employees. Once enabled, a percentage of links in emails clicked by an employee will open a warning screen. This provides them more information on the email and destination, prompting them to consider if the page is safe. If they choose to continue, their opinion is logged, URL Protect scans the link and blocks access if the destination is unsafe. IT administrators can set how frequently these awareness prompts are shown to ensure employee caution is maintained. Repeat offenders that click bad links will get more frequent prompts automatically until their behavior changes.
A comprehensive security strategy requires not just technology defenses but also employee education. You need to improve employee skills and vigilance, and turn them into a human firewall that can thwart the scammers and hackers.
If you’d like more information about these new services, please register for the Targeted Threat Protection Webinar or let us show you a demo. Also, please leave a comment on this post if you have any questions – thanks!
The word “Partnership” is described as an agreement to cooperate and advance mutual interests. It’s a simple term but one that is often overused, and in most cases, unbalanced. As we grow-up and mature into our business lives, having trust in individuals and organizations has helped shape our thinking, personalities and reactions. It’s the level of confidence you place in others that drives the development of a true partnership.
For example, Mimecast is in a partnership with HP, and this week, we see the start of HP Discover in Las Vegas. Every attendee at this show will be in a partnership with HP in some form – a supplier, a task facilitator, or an extension to their existing IT team. The reasons why Mimecast choose to work with HP is to assist our joint customers.
If this sounds like a sales pitch, remember that I don’t work for HP, but I do understand the genuine value they bring as a partner.
The HP-Mimecast partnership is evolving with the market opportunity – for example, you might think that your email is working just fine on that old Windows Server 2003. But you know that Microsoft will no longer be supporting this after July. So now is a crucial time for IT teams to decide which vendors to partner with to make a change. Whether your final destination is Microsoft Exchange 2013 or Office 365, HP is there to guide you through the process, and is best partnered with Mimecast’s 100 percent uptime SLA on email availability and security to protect your company’s essential communication stream.
Regardless of where you are at on your journey, we hope you can drop by Mimecast booth #3533 at HP Discover to find out how we can help reduce your risk and support you when migrating to Office 365 or Exchange and see how we’re working together with HP as true partners.
If you want to succeed in Australia you can’t just commit to a sales and support presence. Putting down technology roots is vital, especially if you aspire to grow government and financial services sectors.
Since opening in Melbourne in July 2013, Mimecast has experienced strong growth in the region and now it’s time for us to put down deeper roots.
So we’re pleased to confirm we’re in the final stages of preparing local data centers in Australia. This investment is designed to help Australian organizations protect email with security, continuity and archiving cloud services while meeting increased customer demand for local data residency.
The two new identical data centers in separate locations in New South Wales will join a global network of ten data centers in five countries around the world currently serving the email security and data needs of over 13,000 customers and millions of their employees.
Like in the rest of the world, email continues to be the most prevalent business communication tool in Australia, used to collaborate and share information around the world. It’s also used as key record of business activities, subject to increasing compliance, legal and e-discovery requirements, including the Australian Privacy Principles. Meanwhile, tolerance for email downtime is almost zero, yet it’s increasingly under constant attack from a wide range of adversaries.
In short, we believe a very high concentration of Australian businesses most valuable corporate data is held within email. Data loss, leakage or security breaches from email have been shown to have devastating effects. These new data centers will support our mission to support customers in reducing the risk, cost and complexity surrounding email and give employees a better experience too.
Cloud services are growing in their popularity with Australian businesses and Microsoft Office 365 is becoming a popular primary email service. We intend to take advantage of this trend with our suite of complementary cloud services for Office 365. Mimecast helps its customers put in place cloud-on-cloud protection that complements their security and archiving capabilities under Office 365, as well as mitigating a potential single vendor exposure they have in the event of service downtime.
If you’d like to learn more about our plans in Australia, why not come and visit us at AusCERT 1st-5th June. Mimecast is exhibiting at booth S36 and I’ll be presenting ‘Email: The New Frontier in the Defence of Corporate Data’ on Thursday, 4th June 15.25-16.05.
Cyber-criminals don’t discriminate by size when it comes to selecting an organization as a target of attack. In fact, recent high-profile data breaches have taught us that mid- or smaller-sized businesses are often a target of those trying to attack larger organizations, as they are seen as a soft way to infiltrate a supply chain.
This is why midmarket businesses must pay attention to their data security and deal with the same email-related risks as larger enterprises – they need to improve email security, protect data and prevent the threat of new attacks, like spear-phishing. The difference, though, is that many in the midmarket are doing so with limited budget and IT resources.
But midmarket businesses don’t have to sacrifice email and data security because of these restraints. Mimecast helps midmarket organizations get out of the business of running email on multiple point solutions, which is costly, complex and eats up IT resources. We provide best-of-breed security, archiving and continuity services for email in the cloud that allows businesses of all sizes to get the protection they need without prohibitive cost.
This is why we believe Mimecast was recognized by two leading midmarket IT organizations for providing email services in the cloud that meet the specific needs of medium-sized businesses.
Mimecast was named "Best Vendor, Service" at the spring 2015 Midmarket CIO Forum. The awards recognize powerful partnerships between technology vendors and enterprise IT teams that deliver measurable value to the IT organizations. Selected by a panel of CIOs, Mimecast was recognized as a leader in the IT Vendor Excellence category for providing an “established service that has been exemplary in specifically meeting the needs of the midmarket.” In addition, Mimecast was named “Best Midsize Enterprise Summit Newcomer” at Enterprise Summit East 2015 for a “strong market need” for its services.
Sometimes, mainstream media does not recognize fully the contribution the mid and smaller companies make to the economy. In truth, it’s often the most exciting frontier in terms of new business practice and technology adoption. However, it’s also a security battleground that needs a fundamental rethink to keep up with increasingly sophisticated threats. It’s the responsibility of technology providers like Mimecast to meet this threat in partnership with the smaller businesses and organization.
Moreover, I can honestly say, it’s a challenge we’re excited about.
If you'd like to learn more about our email archiving service, which is popular amongst our mid-sized customers, please click here.